SolarWinds SEM - great value
September 11, 2020

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review

Overall Satisfaction with SolarWinds Security Event Manager (SEM)

It addresses the issue of audit requirement by utilizing log consolidation (syslog, traps, Windows log). For Windows, an agent needs to be deployed. SEM normalizes the data for several fields so that it is easier to locate the specific event from the 10 million events received per day. The GUI is split into two parts. The first part is part of the new GUI, which has dashboard, monitor, nodes, rules, groups (limited). The second is the older GUI where the other functions are. I tend to stay in the older GUI unless the function has been moved over to the new GUI. There is a third interface which can be reached by SSHing to the SEM. This allows us to diagnose any issues with the SEM.
It is generally used by the security team, but read-only access has been given to the networking and Windows teams to enable them to search for specific log entries.
  • Parses the logs into several comment fields to make the search easier
  • Can scale up to 218 million per day
  • For a large amount of events, there is an unreasonable amount of CPUs and memory needed
  • Reporting function has not been updated in many years and is very difficult to write
  • ROI is favorable as it checks off auditing requirements.
  • Right after installation, SEM usually uncovers various issues, which the clients love to see. One client uncovered thousands of failed logins from an employee who had left the company years ago.
Several clients have moved away from LogRhythm because of cost. SEM offers the best ROI for the function. Its interface is much cleaner than LogRhythm. However, there is a steeper learning curve with SEM. The ease of search and data integrity offered by SEM is definitely a plus - as it stores multiple copies of the database and cross-checks for integrity.
Support for SEM is really good. For example, if the connector is not decoding the event correctly, SolarWinds will make a new connector to properly decode the event - this usually takes about two weeks. The support team is very knowledgeable about the inner workings of SEM and has full access to the system to resolve any internal issues.

Do you think SolarWinds Security Event Manager (SEM) delivers good value for the price?

Yes

Are you happy with SolarWinds Security Event Manager (SEM)'s feature set?

Yes

Did SolarWinds Security Event Manager (SEM) live up to sales and marketing promises?

Yes

Did implementation of SolarWinds Security Event Manager (SEM) go as expected?

Yes

Would you buy SolarWinds Security Event Manager (SEM) again?

Yes

Well suited for triggering on well-defined events, such as logon failure. The correlation engine is especially useful in triggering on dissimilar events. Overall, it captures all of the events, and using the filters to locate the events is the best application.

It is not well suited for reporting, as it is very slow, making it almost unusable. The File Integrity Monitor is a good concept but does not work well in the real world, as it generates multiple events for file delete, create, etc.